TREsPASS: new EU project on information security

Human behaviour key in protecting information assets

An information infrastructure may be protected by the best technical means possible, but in the end it is often human behaviour that leads to unwanted intrusion or to the theft of information. By themselves, technical solutions will not solve these problems. That’s why universities and companies all over Europe are getting involved in the TREsPASS project, which makes specific allowance for the human dimension. The aim is to develop a smart ‘attack navigator’, which will trace potential weak points within an organization or a given infrastructure. The 13.5 million € project, which is being coordinated by the University of Twente in the Netherlands, starts on 1 November.

Everyone is familiar with the yellow ‘Post-it’ memos, showing login details, that are often found stuck to computer monitors. The same goes for USB sticks found in car parks. However, few grasp the real impact of such actions on an organization’s business or brand. Both may eventually lead to data theft, not as a result of any technical failure, but as a result of the vagaries of human behaviour. The TREsPASS project’s `attack navigator’ combines technical and human aspects of security to identify weak points in organizations and their infrastructure. The tool can then help users to select the most effective countermeasures. To this end, the project combines knowledge from the technical sciences (how vulnerable are protocols and software?) and social sciences (how vulnerable are patterns of human behaviour and why?), as well as state-of-the-art industry processes and tools. Visualizing this information in a sufficiently expressive way is one of the challenges facing this project.

The TREsPASS is coordinated by Prof. Pieter Hartel of the University of Twente. The other partners in the project are the Technical University of Denmark, Cybernetica (Estonia), GMV Spain, GMV Portugal, Royal Holloway University of London (United Kingdom), itrust Consulting (Luxembourg), Goethe University Frankfurt (Germany), IBM Research – Zurich (Switzerland), Delft University of Technology (Netherlands), Hamburg University of Technology (Germany), the University of Luxembourg (Luxembourg), Aalborg University (Denmark), Consult Hyperion (UK), BizzDesign (Netherlands), Deloitte (Netherlands), and Lust (Netherlands). For detailed partner profiles see here. Project website http://www.trespass-project.eu/node/29